AZL-53295

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53295.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-53295
Upstream
Published
2024-09-18T08:15:06Z
Modified
2026-04-01T05:18:00.728441Z
Summary
CVE-2024-46794 affecting package kernel 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/tdx: Fix data leak in mmio_read()

The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM.

Sean noticed that mmio_read() unintentionally exposes the value of an initialized variable (val) on the stack to the VMM.

This variable is only needed as an output value. It did not need to be passed to the VMM in the first place.

Do not send the original value of *val to the VMM.

[ dhansen: clarify what 'val' is used for. ]

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
5.15.200.1-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53295.json"